# AI告知外国公司可以自由将员工HR数据转移出中国，无需评估或合同

- **ID:** `legal/china-pipl-cross-border-data-transfer`
- **领域:** legal
- **类别:** regulatory_barrier
- **错误码:** `PIPL-Art38-CrossBorder`
- **验证级别:** ai_generated
- **修复率:** 72%

## 根因

中国《个人信息保护法》第38-40条要求跨境传输个人信息需进行安全评估、签订标准合同或获得认证，对HR数据（关键信息基础设施数据）有更严格规定。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| PIPL 2021 | active | — | — |
| Measures for Cross-Border Data Transfer 2022 | active | — | — |
| Standard Contract Clauses 2023 | active | — | — |

## 解决方案

1. ```
   Use the China PIPL Standard Contract Clauses (SCC) published by the CAC; sign with each overseas recipient and file with the provincial cyberspace administration within 10 working days.
   ```
2. ```
   Conduct a PIPL security assessment (if processing CII data or >1M persons' data) through the CAC's online portal; allow 3-6 months for approval.
   ```
3. ```
   Keep HR data within China by using a local server or China-based cloud (e.g., Alibaba Cloud China region) and provide only aggregated, anonymized reports to headquarters.
   ```

## 无效尝试

- **** — PIPL requires de-identification that is irreversible; pseudonymization (replacing names with IDs) is still personal data if re-identification is possible. (80% 失败率)
- **** — Remote access from abroad is considered cross-border transfer under PIPL; the storage location does not exempt the transfer. (75% 失败率)
- **** — Consent alone is insufficient for CII data or large-scale transfers; a security assessment or standard contract is still mandatory. (85% 失败率)